DHS issues alert on contagion-inspired phishing schemes and online fraud.
The Department of Homeland Security has issued a warning about Ebola-inspired online fraud, as it often does when national crises become phishing bait.
DHS U.S. Computer Emergency Readiness Team “reminds users to protect against email scams and cyber campaigns using the Ebola virus disease (EVD) as a theme,” states an alert issued Thursday evening.
“Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system,” the notice adds.
The warning does not provide examples.
But SANS Technology Institute researcher Johannes B. Ullrich, who monitors malicious activity on the Web, says so far, he has seen a couple of spam emails peddling Ebola disaster supplies.
One scam-mail he forwarded to Nextgov states:
After the second person was confirmed dead yesterday, civilian crisis protocol is available below.
In the event of a local crisis, we ask that you please remain calm. Please follow guidelines as they are delivered.
If recipients click on the link, they ultimately are directed to familysurvival[dot]com, Ullrich said. Visiting the site is not recommended, as it might contain spyware, key-loggers or other malicious downloads.
Nor is it wise to click on ads hawking an Ebola vaccine.
DHS officials in Thursday’s alert advised taking the following steps to immunize against Ebola-related hoaxes:
• Do not follow unsolicited Web links or attachments in email messages.
• Maintain up-to-date antivirus software.
• Refer to the Using Caution with Email Attachments Cyber Security Tip for information on safely handling email attachments.
• Refer to the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip for information on social engineering attacks.